
Can you do if-then style statements in SpamAssassin?

I get spam sent to me that uses my email address for the sender's name and I would like to write a general rule for this.

For example, I receive spam messages with From: and To: lines like this:

From: "me@mydomain.org" <spam@spam.com>
To: <me@mydomain.org>

Below I refer to this format as:

From: "Name" <address>
To: <address>

Is it possible to write a rule that says:

if 
  the (From: name)
  is equal to (To: email address)
  but not the (From: email address)
then 
 give it a score?

I am thinking of this specifically in case my server automatically sends messages in a similar format, such as: "root@mydomain.org" <root@mydomain.org>.
I don't want the rule to accidentally score emails like that.

I only see how to write positive rules. So I can look for these kinds of simple matches:

header LOCAL_FROM_NAME_MyAddress   From =~ /\"me@mydomain.org\"/

header LOCAL_FROM_Address_MyAddress   From =~ /<me@mydomain.org>/

header LOCAL_TO_Address_MyAddress   To =~ /<me@mydomain.org>/

So I could create a score if they all produced a match:

meta LOCAL_FROM_ME_TO_ME ((LOCAL_FROM_NAME_MyAddress + LOCAL_FROM_Address_MyAddress + LOCAL_TO_Address_MyAddress) >2)
score LOCAL_FROM_ME_TO_ME -0.1

But that is as far as I can go. I haven't seen any way to do something more complex.

00Kell
  • 48
  • 6

1 Answer


SpamAssassin meta rules support boolean expressions, so you can use the &&, ||, and ! operators to create more complex matches. In the specific example you've given, the rule is logically equivalent to:

(FROM_NAME equals MyAddress) and (FROM_ADDR does not equal MyAddress)

A ruleset to express this could be:

header __LOCAL_FROM_NAME_MyAddress  From:name =~ /me\@mydomain\.org/
header __LOCAL_FROM_ADDR_MyAddress  From:addr =~ /me\@mydomain\.org/
meta LOCAL_SPOOFED_FROM (__LOCAL_FROM_NAME_MyAddress && !__LOCAL_FROM_ADDR_MyAddress)
score LOCAL_SPOOFED_FROM 5.0

If meta rules and boolean expressions are not enough, you can write a Perl plugin. Check out the many examples on CPAN, and perhaps specifically Mail::SpamAssassin:FromMailSpoof.

Notes
  • You can write :name and :addr to parse specific parts of the From and To headers.

  • You can prefix your sub-rules with __ so that they will not score on their own.

  • Special characters like @ and . should be escaped in regex patterns.

StvnW
  • 1,772
  • 13
  • 19
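
The answer's ruleset hard-codes one address. As an added example (not part of the original post and not SpamAssassin's own code), here is an eval plugin of the kind the answer mentions. It applies the same check to whichever recipients a message has and skips the self-addressed "root@mydomain.org" <root@mydomain.org> case. The package name FromNameIsRcpt, the rule name, the score and the file path are hypothetical.

```perl
# FromNameIsRcpt.pm -- hypothetical plugin name (added example).
# Enable from local.cf (the path below is a placeholder):
#   loadplugin FromNameIsRcpt /etc/mail/spamassassin/FromNameIsRcpt.pm
#   header  LOCAL_FROM_NAME_IS_RCPT  eval:check_from_name_is_rcpt()
#   score   LOCAL_FROM_NAME_IS_RCPT  5.0
package FromNameIsRcpt;

use strict;
use warnings;
use Mail::SpamAssassin::Plugin;
our @ISA = qw(Mail::SpamAssassin::Plugin);

sub new {
    my ($class, $mailsa) = @_;
    my $self = $class->SUPER::new($mailsa);
    bless $self, $class;
    $self->register_eval_rule('check_from_name_is_rcpt');
    return $self;
}

# Lower-case and strip surrounding whitespace, quotes and angle brackets.
sub _norm {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/^[\s"'<]+|[\s"'>]+$//g;
    return lc $s;
}

sub check_from_name_is_rcpt {
    my ($self, $pms) = @_;
    my $name = _norm($pms->get('From:name'));
    my $addr = _norm($pms->get('From:addr'));

    # No display name, or one that is not an address: nothing to compare.
    return 0 unless $name =~ /^[^\s\@]+\@[^\s\@]+$/;
    # "root@mydomain.org" <root@mydomain.org>: name matches the real sender.
    return 0 if $name eq $addr;

    # Hit when the display name is one of the message's recipient addresses.
    foreach my $rcpt ($pms->all_to_addrs()) {
        return 1 if _norm($rcpt) eq $name;
    }
    return 0;
}

1;
```

Run `spamassassin --lint` after adding the plugin and rule to confirm the configuration parses.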